graphical passwords

Graphical Passwords Submitted By: Joju P Antony R7A 41 Guided By :

Upload: arjun-c-chandrathil

Post on 12-Nov-2014


DESCRIPTION

Nowadays, information security is the most describing problem. Information stored in the databases is much precious for the user. To cope with the security of the information, the passwords were introduced. Thus the password is the benchmark that checks the authentication/role of the user in that database. The credit for this presentation goes to my friend Joju. This presentation is uploaded with all his permission. Regards, cc

TRANSCRIPT

Page 1: graphical passwords

Graphical Passwords

Submitted By: Joju P Antony R7A 41
Guided By: Sindhu Vino

Page 2: graphical passwords

Contents

Introduction
Authentication Methods
Requirements Of A Password
Text Based Passwords
Vulnerabilities
An Alternative: Graphical Passwords
Techniques Used For Graphical Password
Recognition Based Techniques
– Dhamija And Perrig Scheme
– Sobrado And Birget Scheme
Recall Based Techniques
Pass Faces
Pass Clicks
Advantages
Disadvantages
References

Page 3: graphical passwords

Introduction

Nowadays, information security is the most pressing problem.

Information stored in databases is very precious to the user.

To cope with the security of this information, passwords were introduced.

Thus the password is the benchmark that checks the authentication/role of the user in that database.

Page 4: graphical passwords

Authentication Methods

Token based authentication: key cards, bank cards, smart cards, …

Biometric based authentication: fingerprints, iris scan, facial recognition, …

Knowledge based authentication: text-based passwords, picture-based passwords, … These are the most widely used authentication techniques.

Page 5: graphical passwords

Requirements of a password

Passwords should be easy to remember
Should be quickly and easily executable
Should be secure
Should look random and should be hard to guess
Should be changeable

Page 6: graphical passwords

Text Based Passwords

What about text-based passwords?

Difficulty of remembering passwords
If easy to remember -> easy to guess
If hard to guess -> hard to remember

Users tend to write passwords down or use the same passwords for different accounts

Page 7: graphical passwords

Vulnerabilities

Shoulder surfing (watching a user log on as they type their password).

Dictionary attacks (using L0phtCrack or John the Ripper).

User may forget the password if it is too long and complicated.

Page 8: graphical passwords

Contd…

Key logging software records all the keystrokes input from the keyboard and stores them for the hacker to look through and find what could be a password.

So the user needs to ensure that computer systems are secure, which is practically infeasible for an untrained user.

Page 9: graphical passwords

An alternative: Graphical Passwords

Graphical passwords may be a solution to the text based password vulnerabilities.

The idea of graphical passwords was pioneered by Greg Blonder, who also holds the US patent 5559961.

A graphical password is a secret that a human user inputs to a computer with the aid of the computer's graphical input (e.g., mouse, stylus, or touch screen) and output devices.

Page 10: graphical passwords

Contd…

Psychological studies: Humans can remember pictures better than text

Here the user uses visual recollection in order to gain authentication to a system

Therefore the human factor in securing information is limited

Page 11: graphical passwords

Four techniques used for Graphical Passwords

Recognition Based Techniques
Recall Based Techniques
Pass Faces
Pass Clicks

Page 12: graphical passwords

Recognition Based Techniques

A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage

Page 13: graphical passwords

Recognition Based Techniques

Dhamija and Perrig Scheme: Pick several pictures out of many choices, identify them later in authentication. Uses Hash Visualization, which, given a seed, automatically generates a set of pictures.

Page 14: graphical passwords

Recognition Based Techniques

Sobrado and Birget Scheme: The system displays a number of pass-objects (pre-selected by the user) among many other objects; the user clicks inside the convex hull bounded by the pass-objects.

Suggested using 1000 objects, which makes the display very crowded and the objects almost indistinguishable.

Page 15: graphical passwords

Recall Based Techniques

A user is asked to reproduce something that he created or selected earlier during the registration stage

Page 16: graphical passwords

Recall Based Techniques

Draw-A-Secret (DAS) Scheme: The user draws a simple picture on a 2D grid; the coordinates of the grid cells occupied by the picture are stored in the order of drawing.

Redrawing has to touch the same grid cells in the same sequence in authentication.

User studies showed the drawing sequence is hard to remember.
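
Because DAS requires an exact match of the cell sequence, the sequence can be stored as a salted hash like a text password. The sketch below is an added example, not code from the presentation; the 5 x 5 grid, the 60-pixel cell size, the PBKDF2 parameters and the sample strokes are assumptions.

```python
import hashlib
import hmac
import os

GRID = 5    # assumed 5 x 5 grid
CELL = 60   # assumed cell size in pixels (300 x 300 canvas)

def cells_of(stroke):
    """Map sampled pen positions to the ordered grid cells they touch."""
    seq = []
    for x, y in stroke:
        cell = (min(int(x // CELL), GRID - 1), min(int(y // CELL), GRID - 1))
        if not seq or seq[-1] != cell:   # collapse samples inside one cell
            seq.append(cell)
    return seq

def encode(stroke):
    """Serialise the cell sequence so it can be hashed."""
    return ";".join(f"{cx},{cy}" for cx, cy in cells_of(stroke)).encode()

def enroll(stroke, salt=None):
    """Return (salt, digest); only these are stored, never the drawing."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", encode(stroke), salt, 100_000)

def verify(stroke, salt, stored):
    """Exact-match check on the cell sequence, in constant time."""
    _, candidate = enroll(stroke, salt)
    return hmac.compare_digest(candidate, stored)

# Constructed pen samples (pixel coordinates).
ENROLLED = [(10, 10), (50, 20), (70, 30), (130, 40), (130, 100)]
REDRAW = [(30, 40), (100, 50), (170, 10), (150, 110)]   # same cells, other pixels
SLIP = [(30, 40), (100, 50), (170, 10), (185, 110)]     # last sample crosses a border

if __name__ == "__main__":
    salt, stored = enroll(ENROLLED)
    print(cells_of(ENROLLED))
    print(verify(REDRAW, salt, stored), verify(SLIP, salt, stored))
```

The `SLIP` stroke shows the usability cost: one sample landing just past a cell border changes the sequence and the whole drawing is rejected.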

Page 17: graphical passwords

PASS FACES

Page 18: graphical passwords

PASS FACES

Passfaces (formerly known as Real User Corporation) is an information security technology company based in Annapolis, Maryland.

Commercial application leverages the brain’s innate cognitive ability to recognize human faces.

Page 19: graphical passwords

PASS FACES

Page 20: graphical passwords

PASS FACES

Logon Process:
– Users are asked to pick their assigned Passfaces from a 3 x 3 grid containing one Passface and 8 decoys.
– The faces appear in random positions within the grid each time.
– This process is repeated until each of the assigned Passfaces is identified.
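
The logon rounds above can be sketched as follows. This is an added example, not Passfaces' own code; the face IDs, the pool of 60 faces, the three assigned faces and the function names are constructed for illustration.

```python
import secrets

GRID_SIZE = 9  # 3 x 3 grid: one Passface and 8 decoys, as on the slide

def build_round(passface, assigned, decoy_pool):
    """Return the 9 face IDs for one round, shuffled into random positions."""
    rng = secrets.SystemRandom()
    # Decoys must exclude every assigned face, otherwise a round could show
    # two of the user's own Passfaces and the expected answer is ambiguous.
    candidates = [f for f in decoy_pool if f not in assigned]
    grid = rng.sample(candidates, GRID_SIZE - 1) + [passface]
    rng.shuffle(grid)
    return grid

def logon(assigned, decoy_pool, choose):
    """One round per assigned Passface; choose(grid) returns the picked index."""
    all_correct = True
    for passface in assigned:
        grid = build_round(passface, assigned, decoy_pool)
        # Compare the identity of the picked face, never its position, and
        # finish every round so a failure does not reveal which pick was wrong.
        all_correct &= grid[choose(grid)] == passface
    return all_correct

def blind_guess_probability(rounds):
    """Chance that uniform random picks pass every round."""
    return (1 / GRID_SIZE) ** rounds

# Constructed sample data: face IDs stand in for image files.
FACE_POOL = [f"face_{i:02d}" for i in range(60)]
ASSIGNED = ["face_17", "face_42", "face_03"]

if __name__ == "__main__":
    user = lambda grid: next(i for i, f in enumerate(grid) if f in ASSIGNED)
    print(logon(ASSIGNED, FACE_POOL, user))
    print(blind_guess_probability(len(ASSIGNED)))
```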

Page 21: graphical passwords

PASS FACES

Page 22: graphical passwords

PASS CLICK

Page 23: graphical passwords

PASS CLICK

PassClick Scheme: The user clicks on any place on an image to create a password. A tolerance around each chosen pixel is calculated. In order to be authenticated, the user must click within the tolerances in the correct sequence.
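
The tolerance check, and what the tolerance costs in password space, can be sketched as follows. This is an added example, not code from the presentation; the 10-pixel radius, the image size and the click coordinates are assumptions.

```python
import math

TOLERANCE = 10  # assumed radius in pixels around each enrolled click

def verify_clicks(enrolled, attempt, tolerance=TOLERANCE):
    """Accept only if click i lies within the tolerance of enrolled point i."""
    if len(attempt) != len(enrolled):
        return False
    ok = True
    # A distance check needs the enrolled points themselves (or a
    # discretised form of them); a plain hash of raw pixels would
    # reject any click that is even one pixel off.
    for (ex, ey), (ax, ay) in zip(enrolled, attempt):
        ok &= math.hypot(ax - ex, ay - ey) <= tolerance
    return ok

def password_space_bits(width, height, clicks, tolerance=TOLERANCE):
    """Upper bound: distinguishable regions per click, raised to the clicks."""
    regions = (width * height) / (math.pi * tolerance ** 2)
    return clicks * math.log2(regions)

# Constructed enrolment on an assumed 640 x 480 image.
ENROLLED = [(100, 200), (300, 250), (410, 100)]

if __name__ == "__main__":
    print(verify_clicks(ENROLLED, [(103, 198), (305, 255), (410, 96)]))
    print(verify_clicks(ENROLLED, [(305, 255), (103, 198), (410, 96)]))
    print(round(password_space_bits(640, 480, 5), 1))
    print(round(password_space_bits(640, 480, 5, tolerance=20), 1))
```

Doubling the tolerance makes logon more forgiving but removes two bits per click from this upper bound, and the bound assumes users pick points uniformly over the image.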

Page 24: graphical passwords

PASS CLICK

Page 25: graphical passwords

PASS CLICK

In the above example, the PassClicks are the points that are circled. The first was the light on the light post, then the headlight on the streetcar, followed by the middle of the clock tower, the face of the street clock, and the P on the parking sign.

By looking at this picture, you can see that there is an extremely large number of places you could set as PassClicks and still remember where they are.

An individual could easily choose a face, something on the side of a building, or even the dashes on the street.

Page 26: graphical passwords

Advantages of Graphical Passwords

Human brains can process graphical images easily.

Examples include places we visited, faces of people and things we have seen.

Difficult to implement automated attacks (such as dictionary attacks) against graphical passwords.

Page 27: graphical passwords

Disadvantages

Shoulder surfing problem (watching a user log on as they type their password).

More storage space required

Hard to implement when compared to text passwords

Page 28: graphical passwords

Conclusion

Main argument for graphical passwords: people are better at memorizing graphical passwords than text-based passwords

It is more difficult to break graphical passwords using traditional attack methods such as brute force search, dictionary attack or spyware.

Not yet widely used, current graphical password techniques are still immature
